iSmartAlarm Backend Server-Side Request Forgery

Risk: Medium
Local: No
Remote: Yes

[+] Credits: Ilia Shnaidman [+] Source: Vendor: ============= iSmartAlarm, inc. Product: ============= iSmartAlarm Backend iSmartAlarm is one of the leading IoT manufactures in the domain of smart alarm systems. It provides a fully integrated alarm system with siren, smart cameras and locks. It functions like any alarm system, but with the benefits of a connected device: alerts pop up on your phone, offering you full remote control via mobile app wherever you are. Vulnerability Type: ============= Server Side Request Forgery CVE Reference: ============= CVE-2017-7727 Security Issue: ================ Open Redirection - iSmartAlarm is not validating injection inside its api. Attack Vectors: =============== One of the backend api's contains an SSRF which allows me to use it as a proxy. An attacker can use iSmartAlarm's backend as a proxy server and potentially launch outbound attacks. PoC: Network Access: =============== Remote Severity: ========= High Disclosure Timeline: ===================================== Jan 30, 2017: Initial contact to vendor Feb 1, 2017: Vendor replied, requesting details Feb 2, 2017: Disclosure to vendor Apr 12, 2017: After vendor didn't replied, I've approached CERT Apr 13, 2017: Confirmed receipt by CERT and assigning CVEs July 05, 2017: Public disclosure

Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018,


Back to Top